Security
Last Updated: May 25, 2026
Our Security Overview
Our clients entrust Xplarion with sensitive geological data, prospectivity models, and business intelligence about their mineral exploration programs. We take that responsibility seriously. Security is not an afterthought at Xplarion; it is built into how we design our platform, operate our systems, and manage our team.
Our security program is grounded in the principles of least privilege, separation of duties, defense in depth, and usability. We continuously invest in product security, security operations, incident response, risk management, and compliance to maintain the trust our clients place in us.
How We Protect Your Data
Encryption
All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Encryption keys are managed using industry-standard key management practices.
Access Controls
Access to production systems and client data follows the principle of least privilege. Multi-factor authentication is enforced for all internal system access. Role-based access controls limit what each user and system component can access.
Monitoring
Our systems are continuously monitored for anomalous behavior, potential threats, and security events. We maintain comprehensive audit logs and alert on suspicious activity around the clock.
Vulnerability Management
We conduct regular security assessments, penetration testing, and code reviews. Vulnerabilities are prioritized and remediated based on severity. We maintain a responsible disclosure process for external researchers.
Data Resilience
Client data is backed up regularly using automated processes. We maintain geographically distributed backups to ensure data can be recovered in the event of a localized failure. Recovery procedures are tested regularly.
Incident Response
We maintain a documented incident response plan and conduct tabletop exercises. In the event of a security incident affecting client data, we will notify affected clients promptly in accordance with applicable law and our contractual obligations.
Security Policy
Our security program is built around a controls framework that spans policies, procedures, technical controls, and operational practices. We conduct regular risk assessments to identify and prioritize potential threats, monitor our controls on an ongoing basis, and evaluate new threat vectors as the security landscape evolves. Our controls framework is reviewed and updated at least annually and following any significant security event or material change to the platform.
Infrastructure and Cloud Security
The Xplarion platform is hosted on industry-leading cloud infrastructure providers. We select providers that maintain their own rigorous security certifications and practices. Our cloud architecture is designed to isolate client data and minimize the blast radius of any potential compromise. Network-level controls, web application firewalls, and intrusion detection systems are deployed to protect against common attack vectors.
Employee Security
All Xplarion employees undergo background checks prior to employment. Security awareness training is conducted at onboarding and refreshed regularly. Employees with access to sensitive systems or client data are subject to enhanced security controls and periodic access reviews. Departing employees have their access revoked promptly upon separation.
Vendor and Subprocessor Security
We evaluate the security posture of third-party vendors and subprocessors before engaging them and review them periodically. Vendors with access to client data are required to meet our security standards and are subject to contractual security obligations consistent with applicable law and our commitments to clients.
Compliance
Xplarion is actively working toward industry security certifications. Our security program is designed to align with the trust services criteria established by the American Institute of Certified Public Accountants (AICPA) for SOC 2 compliance. We will communicate certification status to clients upon request as our compliance program matures.
We also maintain compliance with applicable data protection laws, including the Colorado Privacy Act (CPA) and, where applicable, the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other relevant regional data protection frameworks.
Reporting a Security Vulnerability
We appreciate the work of security researchers who help improve the safety of our platform. If you believe you have discovered a security vulnerability in Xplarion's systems, please report it responsibly:
Do not exploit the vulnerability or access, modify, or delete data that does not belong to you.
Do not disclose the vulnerability publicly before giving us reasonable time to investigate and address it.
Email your report to info@xplarion.com with a description of the vulnerability, steps to reproduce it, and any relevant screenshots or proof-of-concept code.
We will acknowledge receipt of your report within 3 business days and keep you informed of our progress as we investigate. We will not take legal action against researchers who discover and report vulnerabilities responsibly in accordance with these guidelines.
Contact
For questions about our security practices or to request a security review as part of a vendor assessment, please contact us at info@xplarion.com. Enterprise clients may request a copy of our security documentation through their client success manager.